Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
X-Server-Id
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Cdn
X-Vhost
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-TTL
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-CST
X-ORACLE-DMS-RID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
NEL
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-DataDome
X-Request-ID
X-Cdn-Fetch
X-Kinja-Server
X-Dns-Prefetch-Control
X-Use-Magma
X-Recruiting
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-D2id
X-B3-TraceId
X-ESI
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
DynaTrace
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Navigation-Version
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-SRCache-Store-Status
RTSS
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Server-Name
Content-MD5
X-Akam-SW-Version
Accept-Ch-Lifetime
Charset
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
MS-Author-Via
X-Amz-Rid
ServerID
X-Trace
Realpath
X-Shield-Request-Id
AR-Request-ID
X-Dw-Request-Base-Id
X-Goog-Generation
X-Goog-Metageneration
X-Cached
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Server-ID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Forwarded-Proto
X-Shard
X-Upstream
SPRequestDuration
SPIisLatency
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Public-Key-Pins
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Fastly-Restarts
Accept-Ch
Pagespeed
X-Goog-Storage-Class
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Access-Control-Request-Method
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Accept-CH
X-Debug
X-Id
X-Amz-Meta-S3cmd-Attrs
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Ezoic-Cdn
X-FTR-Expires
X-DIS-Request-ID
X-VCache
X-N
X-T
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
X-Grace
Arr-Disable-Session-Affinity
X-Ser
X-Varnish-Age
PB-RID
Arc-Version
PB-PID
Alternate-Protocol
X-Mobile-Rewrite
X-Amzn-Trace-Id
X-Hits
Front-End-Https
X-Content-Type
X-NF-Request-ID
X-B3-Sampled
Fastcgi-Cache
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
Nel
X-Frontend
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
X-Forwarded-For
X-Correlation-Id
X-FastCGI-Cache
Host
AMP-Access-Control-Allow-Source-Origin
X-Vcache
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-LB-Cache
X-Kinsta-Cache
X-Type
X-Rid
Edge-Cache-Tag
X-Fastcgi-Cache
X-Debug-Info
X-IPLB-Instance
X-AOL-HN
X-Request-Processing-Time
X-Request-Received
X-User-Agent
X-XRDS-LOCATION
X-Cached-By
X-GUploader-UploadID
X-HS-Content-Id
X-Hostname
X-Cache-2
X-HS-Hub-Id
X-Revision
X-Cache-Rule
X-Cache-Key
X-F-Cache
Powered
Surrogate-Key
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-Accel-Expires
X-Analytics
Backend-Timing
X-Cache-Age
X-Page-Id
X-Varnish-Backend
X-Varnish-Grace
X-BCube-Filmed-By
X-Kong-Upstream-Latency
X-Content-Options
X-Kong-Proxy-Latency
X-Jobs
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-FB-Debug
VIX-Pulpo-Node
X-Cluster
X-Activity-Id
X-AppVersion
Cache-Status
X-Content-Powered-By
X-Request-Guid
X-Az
X-RateLimit-Limit
X-PHP-Backend
X-Amz-Replication-Status
X-Tumblr-Pixel
X-B3-Traceid
Source
X-Tumblr-Pixel-0
X-Instance
X-Tumblr-User
X-TT
X-App-Environment
X-Akamai-Edgescape
Cleartype
X-Via-JSL
X-Framework
Tracecode
X-Varnish-Hostname
WPE-Backend
Server-Node
X-Forwarded-Host
Refresh
Host-Header
X-Mobile
X-NWS-LOG-UUID
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Cache-Operation
X-ATG-Version
X-Cache-Control
X-Cache-TTL
X-B-Cache
X-Signature
X-Time
Accept-Charset
DC
Actual-Object-TTL
X-Drupal-Cache-Tags
Liferay-Portal
X-Cache-Action
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Hit
Upgrade-Insecure-Requests
X-App-Server
X-Mobile-URL
X-Hp-Webp
X-Response-Served-From
X-Accel-Buffering
Fastcgi-Useragent
Payment
X-Whom
X-UA-Device-Type
X-Content-Age
X-TX-ID
X-Handled-By
X-TA-CDN-Provider
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
X-B
X-Storage
X-SS-Set-Cookie
Filters
X-Cacheable-TTL
X-VG-WebCache
X-GeoIP
X-RequestSource
X-TT-TIMESTAMP
X-Adobe-Loc
X-Git-Hash
Eomportal-Instance
X-Adobe-Content
X-RemovedCookies
Viewport
X-Geo-Country
Xserver
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ProcessESI
Cache-Tv-Group
X-WA-Info
Server-Info
Cache
X-FB-TRIP-ID
Cache-Tag
Webserver
X-Erf-Bev-Bev-Is-Generated
X-Cache-TTL-Remaining
X-Status
X-Ratelimit-Reset
X-Erf-Bev-Bev
Datacenter
X-Cache-Enabled
Retry-After
Accept-CH-Lifetime
NGB
X-Ratelimit-Limit
X-Presslabs-Stats
X-APP-VERSION
X-Esi
X-Contextid
X-FW-Dynamic
X-Seen-By
S-Cnection
X-Origin-Server
X-Host-Name
X-CF-Powered-By
X-Mode
X-Daa-Tunnel
X-Magnolia-Registration
From-Origin
MS-CV
Country
Meta-Geo
X-Varnish-Hits
Frame-Options
X-VWS-Id
X-Rendered-As
Load-Balancing
X-RN-RSRV
Machine
X-Path-Route
X-AWS-Id
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-LJ-Flow-ID
X-Upstream-HT
X-Human
DSUID
Release
X-Upstream-CT
X-Routing-Service
GEO-INFO
X-Hit
Mail-Subject
X-Proxied
X-Cache-Config
X-Zipkin-Id
We-Hiring
X-Hyper-Cache
X-RCS-CacheZone
X-Section
X-Device-Type
X-Debug-Cache
X-EIG-Tracking-Id
Mn-Server-Ip
X-Loop
X-PCL
X-Labrador-Cache-Channel
X-From
X-Cache-Host
X-TNCMS
Vix-Hermes-Req-Id
Uber-Trace-Id
X-Backend-Name
X-Varnish-Cache-Hits
X-OCL
X-Access
X-Varnish-Server
OT-Force-Account-Verify
X-Cluster-Node
Rt-Fastcgi-Cache
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-ProxyCache-Status
X-Viewer-Country
X-VG-TLSProxy
X-VCT
X-Web-Node
Now
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Upgrade-Enabled
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Proto
X-Rule
X-ShardId
X-Shopify-Stage
X-ShopId
X-Origin-Response-Time
X-Sorting-Hat-ShopId
X-RTag
X-Cache-NE
X-JoinUs
Akamai-GRN
X-Xfnlog-Site
X-Timing-Wait
X-Proxy-Build
Cache-Key
X-Hosted-By
Ms-Operation-Id
X-S
X-CCM
X-Generated-By
X-FC-Vary-Parameters
X-Generated
X-Cache-Grace
X-Region
ServedBy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PressLabs-Stats
X-Guploader-Uploadid
Decoy-Debug-Key
X-Via-Fastly
X-NCache
Decoy-Debug-Status
Decoy-Debug-TTL
X-Redis-Cache
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Real-IP
Cache-Name
X-Platform-Server
X-UUID
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Www-Served-By
X-Locale
X-Nginx-Cache
X-Site-Version
X-Trace-Id
DB-Nickname
NGX
X-MServer
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Vgn-Hpd-Reason
Cteonnt-Length
X-Cache-Remote
X-ServerID
X-Rocket-Nginx-Bypass
ProcessTime
X-ECACHE
X-Request-Time
X-IP
Time
X-B3-Spanid
X-IPS-LoggedIn
X-Time-Microsecs
NtCoent-Length
S-Rt
X-Dc
X-Wix-Request-Id
X-Via-CDN
X-Origin
TWC-GeoIP-LatLong
TWC-Locale-Group
Version
CACHE
L5d-Success-Class
X-RateLimit-Reset
Property-Id
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Hint
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-FW-Version
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-GEO
X-Proxy
Served-By
X-No-Session
X-Distributor
X-Microcachable
X-FireWall-Port
X-Cache-Backend
X-Oneagent-Js-Injection
Origin-Edge-Control
Fastly-SSL
X-UA
Origin-Cache-Control
Origin
X-Datadome
SRV
Fastcgi-X-Cache-Version
X-Unique-ID
X-Cache-Category-Id
X-Grey
X-Cache-Server
X-Pubstack
X-Is-Bot
X-PERF
X-GRACE
X-ApacheServer
IBM-Web2-Location
Access-Control-Request-Headers
X-CS
X-Via-NSCOPI
X-Detected-As
X-Format
X-Webkit-Csp
X-Akamai-Transformed
Odigeo-Trace-Id
X-HTML-Minification-Powered-By
X-BACKEND-TTL
Ec-Rule-Version
X-Powered-By-Defense
X-Edge
Cache-Tags
Backend-Name
Hostname
X-Nc
X-A
VivaBuild
Rt-Proxy-Cache
X-A-Ccd
X-A-Dam
Viewtype
X-HS-Cache-Config
X-HS-Combine-CSS
Server-ID
ServerName
X-A-Dcw
X-IN-APIGATEWAY
X-A-Dgt
X-Server-Time
X-Internal-Host
X-App-Name
X-SRCache-Key
X-G
X-AIR-PT
X-Aed
X-Instart-Info
X-S-Cookie
X-A-Wwc
X-Accel-Expires-Debug
X-ScT
X-Request-UUID
Cdn-Request-Time
Content-Script-Type
Cdn-Host
Meta-Geo-Continent
Cache-Prefix
Content-Style-Type
MD5-Digest
GEO-REGION-INFO
Fly-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Cross-Origin-Window-Policy
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Request-Country
Rendered-Blocks
Request-EU
A
Request-Time
Node
Arc-Country
Cache-Cookie-Set-From
BehaviorPad-Version
Mobile-Detection-Method
AsisCache
X-External-Request-Id
X-Rojux
X-Vtex-Processado-Em
X-Org
X-Cluster-Name
X-Connection-Hash
X-Developer
X-Transaction
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Fn
X-S-Maxage
X-D
X-Worker
X-PAYTM-SRV-ID
X-Processor
X-Rewrite-Enabled
X-Destination
Xc-Version
X-Date
X-Vtex-Remote-Cache
X-Region-Sid
X-Akamai-Request-ID2
Fly-Cache
X-CGP
X-Application
X-Eu-Site
Proxy-Connection
X-Edge-Server
X-NU-AKA-ACS-Version
X-ARC
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebServer
X-Varnish-Cacheable
X-Compress-Hint
X-Tb
X-UnsetCookies
X-CDN-Forward
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Mime-Version
X-Debug-Cookies
X-Irp-Debug
X-Generated-On
X-Qloud-Router
X-TH-Server
X-Fastly-Cache
X-Key
X-Level-Front-Cache
Is-Eu
Memcached
X-We-Are-Hiring
X-Debug-Log
X-Cdn-Srv
Proxy-Firewall
Server-Host
X-Geo-Header
Section-Io-Cache
X-GeoIP-Country-Code
X-Variation
X-Backend-State
X-Hash
X-NX-Host
RNT-Time
RNT-Machine
X-Server-IP
X-Core-Mission
X-ND-Cache
Platform
X-Dispatcher-Server
X-Clientip
X-Epic-Correlation-Id
X-Reqid
Resin-Trace
Apple-News-Services-Request-Url
Fastly-SWR
X-Ttl
Countrycode
PageSpeed
Apple-News-Services-Parsed-Url
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
X-Ua
Country-Code
X-B3-Parentspanid
X-C
Fastly-SIE
X-Oracle-Dms-Rid
X-Li-Fabric
X-Hnp-Log
X-Amz-Meta-Cache-Control
X-LI-Proto
X-PHP-Host
X-BBXSRF
X-LI-UUID
X-Method
X-Cache-Id
X-Device-Os
X-CDN-Cache
X-Cdn-Origin
X-Developers
X-Distil-CS
X-Protected-By
X-Crawler
X-Gen-Mode
X-Fetched-On
X-Cache-Info
X-Block-Status
X-Request-URI
X-Wikidot-Static-Cache
Esi-Enabled
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
Gh-Request-Id
SS
X-Skip-Cache
X-Nginx-Cache-Key
X-Location
X-Dispatch
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
LB
X-Response-By
Wxu-Next-Region
X-Request-Start
X-SD-PageType
X-Served-From
X-Sn-Servicetimems
X-SIPLIST1
X-ServiceProvider
X-Servername
X-Reboot
X-Li-Pop
Who
PFcat
Powered-By
Pramga
AKAMAI
Web-Mar-Node
On-Server
CDCHOST
Content-Disposition
IsBot
User-Cache-Control
Wxu-Next-Commit
UCS
Server-Int
Wxu-Next-Hostname
SD-X-WS
True-Client-Country-4JS
REQUESTUUID
X-ElasticPress-Search
X-NC
X-Fstrz
X-Gannett-Site-Version
X-GeoIP-City
X-Origin-Date
X-Secret
Pragrma
X-Cms-Context
X-Owner
X-Release
X-Origin-Expires
V-Age
X-Swa-Ws
GW-Server
X-Cdn-Forward
X-Cache-FS-Status
X-FPC
Fastly-Soc-X-Request-Id
X-Generation-Time
Heartbleed
X-Auto-Login
X-Bip
X-Via-Edge
X-Thanos
X-Via-SSL
X-CUA
X-Thinkindot-L3
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
W
X-Parent-Response-Time
X-OVcl
X-B3-SpanId
X-VC-Cache
X-VServer
X-Azure-Ref
Thinkindot-Control
X-OVcl-Cache
X-Azure-Ref-OriginShield
X-Origin-TTL
X-Varnish-Ttl
X-Origin-CC
CF-IPCountry
X-Planisys-CDN-TTL
X-CLOUD-TRACE-CONTEXT
X-Planisys-CDN-Cache
Accept-Language
X-Clara-WADP
X-WADP-Cache
X-Varnish-Url
X-Planisys-CDN-Rules
X-Be
L
Memory
X-IN-WAF
X-Ratelimit-Remaining
X-Phone
X-Core-Value
X-Birta-Served
X-Birta-Cache-Post
X-Proxy-Upstream
N-Cache
X-Proxy-Cache-Status
X-LAGOON
X-Varnish-Beresp-Ttl
X-Varnish-IP
X-TrackingId
HitType
Selected-FE
X-FE
X-Info
X-Geo
X-Amzn-Remapped-Content-Length
X-DC
X-Page-Type
Selected-Fe
Kp-EeAlive
X-Pf-Uncompressing
X-App-Version
X-URL
X-Urbn-Site-Id
Locale
User-Agent
Magicmarker
X-Urbn-Context-Path
X-Dynatrace-Js-Agent
Cdn
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Zone
X-Source
X-Backend-TTL
Pagetype
X-Web-Server
X-CACHE-KEY
X-TT-LOGID
X-User
Geoip-Latitude
X-Cache-Debug
Geoip-City
X-Agile-Id
X-ABtesting
GeoIp-Country-Code
X-Hello
X-Agile
X-HS-Status
X-Newrelic-Synthetics
X-Agile-Age
X-Flog
X-Litespeed-Cache
CF-Cached-On
X-Backend-Host
X-Refresh
X-SERVER-NAME
X-Backend-Url
X-Servedbyhost
X-Generated-In
X-Mid
X-MID
X-Check-Cacheable
X-Soup
X-Up
X-MSEdge-Features
SN
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Real-Ip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-ZONE
X-Aicache-OS
X-Vcl-Version
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Trace-Tag
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
FSS-Proxy
X-NWS-UUID-VERIFY
FSS-Cache
X-APP
X-Oss-Request-Id
X-Oss-Storage-Class
X-ServedByHost
HostName
Ohc-Cache-HIT
Ohc-File-Size
GeoIP-Country-Code
Group
Srv
X-EC-Lua
X-Cache-ASPX
GeoIP-City
X-Contensis-Viewer-Groups
X-UPSTREAM-Address
WZWS-RAY
X-Amzn-Remapped-Date
Server-Surrogate-Control
X-Amzn-Remapped-Connection
HTTPS
Server-Cache-Control
GeoIP-Latitude
X-Varnish-Authentication
X-Old-Content-Length
X-CSRF-Token
X-SayCDN-TTL
X-SN
X-Cache-Ttl
X-Say-TTL
X-Via-Ucdn
X-Say-Cacheable
X-COUNTRY
RequestId
X-Bc
X-BC
Backend
Www
X-Instart-Isnd
X-Varnish-Beresp-TTL
X-Akamai-SSL-Client-Sid
X-Nananana
Cache-Hits
Xkeyrz
X-ECache
Cf-Ipcountry
Inserted-Into-Cache-At
X-Cache-Expires
Host-ID
X-Proxy-Cacherz
Lb
X-Node-Id
X-NGENIX-Cache
WebServer
XServer
X-Dynatrace
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-WR-MODIFICATION
X-Cache-Tag
X-Request-Url
Ajk
Requestid
Fastly-Backend-Name
X-PAGE-TYPE
X-PF-Uncompressing
X-TIME
X-Varnish-Action
X-Cache-Time
X-CSRF-TOKEN
Epwk-Cache
X-Unique-Id
Is-Session-Tracking
X-FORWARDED-FOR
Xkeynj
URI
Get-Access-Time
X-Fastly-Country-Code
X-MCACHE
X-Edge-IP
Fastcgi-X-Cache
X-Cache-Miss-From
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Tec-Api-Origin
X-Fastly-Backend-Reqs
X-Sedo-Request-Id
X-Requestid
X-Tec-Api-Version
X-Tec-Api-Root
X-LiteSpeed-Cache-Control
Dynatrace
X-AssetVersion
X-Wa
Cneonction
X-Svr
X-Pjax-Url
X-BE
DataCenter
Xet-Cookie
X-SRV
Correlation-Id
FNAC-ModuleRouting
T-Server
CDN
X-Var-Ttl
X-Sf
Pics-Label
X-Lb-Id
X-Swift-Error
X-WA
PICS-Label
X-NGINX-Cache
X-Dw-Trace-Id
X-PJAX-URL
X-Micro-Cache
X-Render-Time
X-Cf-Powered-By
X-Fastly-Cache-Hits
X-GDPR
Cache-Provider
X-LB-ID
X-Apw-Access-Action
X-Ecache
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Vct
X-Request-URL
X-Serial
X-ServerName
X-Alicdn-Da-Ups-Status
X-Fpc
X-Litespeed-Cache-Control
X-RPM
Warning
Lfy
X-Html-Edge-Cache
X-Bug-Bounty
X-Akamai-ERPolicy
X-Zalando-Child-Request-Id
X-Flow-Id
X-Akamai-ERRuleID
X-WPE-Loopback-Upstream-Addr
RequestUuid
X-DW
X-Page-Impression-Id
X-RPS
X-DSS
X-DI
X-LiteSpeed-Tag
Ohc-Response-Time
X-DB
X-RSL